Fix import_url validation for passwords with special characters

Summary

Fixes #343452 (closed)

Special characters (#, ?, /) in the password portion of an import_url caused "URI is invalid" errors when creating or updating projects via the API.

Changes

  • Gitlab::UrlSanitizer.valid?: Strip userinfo (credentials) from the URL before passing to Addressable::URI.parse, so special characters in the password don't break parsing.
  • Import::ValidateRemoteGitEndpointService: Use UrlSanitizer to safely extract credentials from the URL instead of raw Addressable::URI.parse. Percent-encode credentials before passing to Gitaly.

How to verify

  1. Create a private repo on a GitLab instance with a user whose password contains # (or any combination of special characters)
  2. Import it via the API: "import_url": "https://user:pass#word@host/repo.git"
  3. Before fix: 422 error. After fix: project created successfully.
Edited by Carla Drago
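
The two changes listed above, sketched as an added example (not code from this merge request or from GitLab): the module `ImportUrlExample` and its methods are hypothetical, Ruby's standard `URI` stands in for `Addressable::URI`, and the rule that userinfo ends at the last `@` is an assumption about how to tolerate `#`, `?` and `/` in a password.

```ruby
require 'uri'

# Added example: hypothetical helper, not GitLab's Gitlab::UrlSanitizer.
module ImportUrlExample
  module_function

  # Percent-encode every byte outside the RFC 3986 "unreserved" set.
  def pct_encode(str)
    str.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
  end

  # Returns [url_without_userinfo, user, password]; user/password are nil if absent.
  # Assumption: userinfo ends at the LAST "@", so a password may contain
  # "#", "?", "/" or "@". A path that itself contains "@" would be misread.
  def split_userinfo(raw)
    m = raw.match(%r{\A([a-z][a-z0-9+.\-]*://)(.*)@([^@]*)\z}i)
    return [raw, nil, nil] unless m

    user, password = m[2].split(':', 2)
    ["#{m[1]}#{m[3]}", user, password]
  end

  # Validate only the credential-free URL, so the parser never sees the password.
  def valid?(raw)
    bare, = split_userinfo(raw)
    uri = URI.parse(bare)
    !uri.scheme.nil? && !uri.host.to_s.empty?
  rescue URI::InvalidURIError
    false
  end

  # Rebuild the URL with percent-encoded credentials for a downstream
  # consumer (the description above names Gitaly).
  def encoded_url(raw)
    bare, user, password = split_userinfo(raw)
    return bare if user.nil?

    userinfo = pct_encode(user)
    userinfo += ":#{pct_encode(password)}" if password
    bare.sub(%r{\A[^:]+://}) { |scheme| "#{scheme}#{userinfo}@" }
  end
end

# Constructed sample input, matching the shape used in "How to verify".
RAW_IMPORT_URL = 'https://user:pass#word@host/repo.git'
puts ImportUrlExample.valid?(RAW_IMPORT_URL)
puts ImportUrlExample.encoded_url(RAW_IMPORT_URL)
```

Keeping the split credentials out of error messages and logs is a separate concern that this sketch does not cover.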
